The present invention is concerned with a system, apparatus and method for controlling access to facilities by potential users of those facilities, for example physical access to a building or secure area or container, or access to a particular computer system, or to a particular television program.
Conventionally, access to buildings and other facilities is by means of locks and keys, and by other means analogous to locks and keys. Examples are badge locks, cipher locks on which a password or number can be entered and, more recently, locks having sensors equipped to sense biometric data and verify the user's authorization to enter or use the facility on that basis.
Similarly, facilities such as computer systems may be protected by passwords, and set-top television control boxes or Internet-capable computers may be controlled by a password or personal identification number (PIN) to ensure that, for example, children cannot access material that their parents or guardians determine might be harmful or offensive.
All these systems have the disadvantage that the conventional lock-and-key combination is static and locally controlled, and any data contained within the lock mechanism is not easy or quick to update or change to cater for rapid changes in circumstances.
In addition, such static solutions are typically only useful in controlling access to a single facility: a single building or complex of buildings located near one another, or a single computing system or set-top box, for example. The process of adding new access points may require re-cabling with dedicated cables. Also, the process of authorizing a new user often requires that the new user go to a security control office to be identified and be given a password or a valid key-badge, for example. In the case of secure facilities on a business or industrial site, this can involve moving a considerable distance from the proposed point of entry to a distant security office, where the user must be identified and issued with an appropriate badge or informed of a cipher-lock key, or where biometric data must be taken and entered into the recognition system for use at the proposed point of entry. The user then has to make the return journey to the proposed point of access.
Such procedures are time consuming and appear unfriendly to expected visitors, who may be given an unfavourable impression of the organisation with whom they are doing business. They also carry the inherent disadvantages of a potential for lost badges being misused, cipher-lock keys being forgotten or exposed by being written down by those who fear they might forget, and the need to employ extra staff to process requests for access. No simple, automated method has been available up to the present to alleviate these problems.
Accordingly, in a first aspect, the present invention provides a system for controlling access to a facility, comprising a portable communicating device, a server means, and one or more access control devices in communication across a network, data storage means available to said server means for storing access control data, said server means being adapted to receive access requests identifying a user of said portable communicating means and including: generating means within said server means for generating access criteria from said access control data according to said user's identity, and communicating means for communicating said access criteria to at least one of said access control means and said portable communicating means, wherein said access control means is adapted to permit access responsive to said user satisfying said access criteria.
Preferably, in a system as described, said access control means includes a bio-metric security system and said access criteria include bio-metric data associated with said user and said communicating means communicates said bio-metric data from said server means to one or more access control means.
Preferably also said communicating means communicates instructions to operate said bio-metric security system to said portable communicating means.
Alternatively, a preferred feature is that said facility is a cipher locked door and said access criteria include a cipher lock code and said communicating means communicates said cipher lock code from said server means to said portable communicating means. Preferably also, in a system as described, said generating means generates a cipher lock code each time access is to be permitted and said communicating means communicates said cipher lock code from said server means to said access control means.
A further alternative is to have a system as described wherein said facility is a television set, said access control means is a set-top box and said access control data includes one or more user identities associated with ratings data and said communicating means communicates access criteria generated therefrom from said server means to said access control device.
In such a system, it is advantageous to have means for modifying said access criteria, and it is also advantageous to have means for deleting said access criteria after use by said user.
In a system as described it is preferred that said network is the Internet.
The system may advantageously further comprise secure verification means for verifying said user's identity, and also advantageously may have encryption means for encrypting communications between said portable communicating means, said server means and said access control means.
In a second aspect, the present invention provides portable apparatus for obtaining access to a facility, said apparatus being adapted to communicate over a network; the apparatus comprising display means for displaying an access control display screen, requesting means for requesting from a server access to a facility, and receiving means for receiving information from said server for use by a user to satisfy access control criteria.
A preferred feature of the second aspect of the present invention is to have portable apparatus as described wherein said network is the Internet, said display means is a browser, and said access control display screen is an Internet web page.
It is advantageous also to have portable apparatus as described, further comprising secure verification means for verifying said user's identity, and preferably also comprising encryption means for encrypting communications.
In a third aspect, the present invention provides a server system for controlling access to a facility, comprising means for communicating over a network with one or more access control means and a portable communicating means, receiving means for receiving access requests identifying a user from said portable communicating means, data storage means for storing access control data, generating means for generating access criteria from said access control data according to said user's identity, and wherein said communicating means communicates said access criteria to at least one of said access control means and said portable communicating means.
In a fourth aspect, the present invention provides apparatus for controlling access to a facility, comprising receiving means for receiving access criteria communicated through a network, data storage means for storing said access criteria, and comparing means for comparing said access criteria with user input to grant or refuse access to said facility.
The apparatus as described preferably further comprises means for modifying said access criteria, and preferably further comprises means for deleting said access criteria after use by said user.
In a fifth aspect, the present invention provides a method for controlling access to a facility in a network comprising a portable communications device, a server, and one or more access control devices; the method comprising the steps of storing access control data, said server means receiving access requests identifying a user of said portable communicating means, generating within said server means access criteria from said access control data according to said user's identity, communicating said access criteria to at least one of said access control means and said portable communicating means, and said access control permitting access responsive to said user satisfying said access criteria.
A system for controlling access to a facility, comprising portable communicating means for communicating through a network, server means for receiving access requests from said portable communicating means, data storage means available to said server means for storing access control data, generating means within said server means for generating access criteria, and communicating means for communicating said access criteria from said server means to one or more access control means, whereby said access control means permits access responsive to a user satisfying said access criteria.
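The method described above, worked through for the cipher-lock variant in which a fresh code is generated each time access is to be permitted and deleted after use. This is an added illustration, not code from the patent; the class names, the six-digit random code and the in-memory stores are assumptions, and identity verification and transport encryption are left out.

```python
import hmac
import secrets


class AccessControlDevice:
    """Cipher lock: stores criteria sent by the server and compares user input."""

    def __init__(self):
        self._criteria = {}  # user id -> pending one-time code

    def receive_criteria(self, user_id, code):
        # Receiving and storing; a later message for the same user modifies it.
        self._criteria[user_id] = code

    def try_access(self, user_id, entered):
        expected = self._criteria.get(user_id)
        if expected is None:
            return False  # nothing pending for this user: refuse
        ok = hmac.compare_digest(expected.encode(), entered.encode())
        if ok:
            del self._criteria[user_id]  # delete criteria after use
        return ok


class AccessServer:
    """Generates access criteria from stored access control data."""

    def __init__(self, access_control_data, devices):
        self._acl = access_control_data  # user id -> permitted facilities
        self._devices = devices          # facility name -> access control device

    def request_access(self, user_id, facility):
        if facility not in self._acl.get(user_id, set()):
            return None  # user not authorised: nothing is generated or sent
        code = f"{secrets.randbelow(10**6):06d}"  # assumed format: 6 digits
        self._devices[facility].receive_criteria(user_id, code)
        return code  # also communicated to the portable device


def demo():
    # Constructed sample data: one visitor allowed through one door.
    lock = AccessControlDevice()
    server = AccessServer({"visitor-17": {"lab-door"}}, {"lab-door": lock})
    code = server.request_access("visitor-17", "lab-door")
    return {
        "unknown_user_refused": server.request_access("stranger", "lab-door") is None,
        "wrong_code": lock.try_access("visitor-17", "x" + code[1:]),
        "first_use": lock.try_access("visitor-17", code),
        "replay": lock.try_access("visitor-17", code),
    }
```

Because the lock deletes the code on first successful use, a code that is written down or overheard cannot be replayed, which is the weakness of static cipher-lock keys noted in the background.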